Lucene search

MitreCVE-2012-1058

HistoryFeb 14, 2012 - 12:55 a.m.

CVE-2012-1058

2012-02-1400:55:00

CWE-352

mitre

web.nvd.nist.gov

cve-2012-1058

csrf

flyspray 0.9.9.6

vulnerability

admin.newuser

index.php

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

81.9%

JSON

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Affected configurations

Nvd

Node

flysprayflysprayMatch0.9.9.6

VendorProductVersionCPE
flysprayflyspray0.9.9.6cpe:2.3:a:flyspray:flyspray:0.9.9.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flyspray	flyspray	0.9.9.6	cpe:2.3:a:flyspray:flyspray:0.9.9.6:::::::*

References

osvdb.org/78923

packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html

secunia.com/advisories/47881

www.exploit-db.com/exploits/18468

exchange.xforce.ibmcloud.com/vulnerabilities/73051

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

81.9%

JSON

Related for CVE-2012-1058